Slashdot Mirror
Are UK Police Hacking File-Sharers' Computers?
superglaze writes "Following its takedown earlier this week of the music blog RnBXclusive, the UK's Serious Organised Crime Agency (SOCA) has claimed that "a number of site users have deleted their download histories" in response. Given that the site didn't host copyright-infringing files itself, how do they know? We've asked, but SOCA refuses to discuss its methods. A security expert has pointed out that, if they were hacking using Trojans, the police would themselves have been breaking the law. Added fun fact: SOCA readily admits that the scare message it showed visitors to the taken-down site was written 'with input from industry.'"
SOCA, How about a message from the people that pay you, "You are not above the law".
Never let the facts get in the way of good propaganda.
UK's Serious Organised Crime Agency
The Internet is Serious Business
Anons need not reply. Questions end with a question mark.
If SOCA, Serious Organised Crime Agency dealing with serious organized crime is fighting copyright infringement, then what is the agency called that deals with such things as mobsters, thieves, assassinations and illegal prostitution gangs? Those organized crimes aren't serious enough for SOCA? They sure are causing a lot more harm to the tax-payers.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Jesus.
These cretins ought to be dealing with people traffickers, gang crime and other actual Serious Organised Crime.
That they are taking down music sharing sites is ridiculous. The justification I heard recently was even more laughable. It was serious organised crime because it cost the record labels 15 million.
Ah, record label mathematics, even better than cop math!
I don't doubt that these sites are hives of illegal activity. What they are not is a serious threat to the British public, which SOCA should be concentrating on, not pissing into the wind trying to clamp down on piracy.
This JS history snooping sounds plausible, technically, but maybe not so practically. Besides the question of whether running such a script is legal: how did they manage to run those scrips?
To run such a history snooping script, a user has to visit a web site that runs said script. It's not likely the torrent site will do this for the authorities. It is also not likely that users will regularly visit anti-piracy web sites. They may visit it once, to get some information or out of curiousity, but well not much to repeat visits for.
Or is it done by the ISP? Who then would basically inject a js part into web pages the user downloads? Doesn't sound like a nice thing to do, to say the least.
Besides, such scripts afaik can only do something like "did you visit slashdot.org?": asking for specific URLs. I have not heard of a way to ask a browser "please tell me all sites this user has visited, and all urls which include slashdot.org". The first example shows whether or not the user visited the home page, the second example would give a list of all stories the user has opened, comments they opened, etc. You'd need the second method to be able to query a user's history for specific downloads.
Information from the browser cache determines whether to redownload a file, but the cache should be site-specific. Even if one site asks to download parts from another site, the browser should just reply "done" when the request is processed, regardless of whether that bit is locally available already or that it had to be downloaded.
The only legal way to obtain download histories would be if the user has a public profile on a web site that lists that user's download history (not likely) or that they would indeed come with a search warrant, confiscate the user's computer, and analyse its contents (even less likely).
So all in all this sounds like an illegal hacking action by the UK police.
What they did there was make a false allegation against him and anyone who downloaded music. He can't now get a fair trial because he's been accused of theft by the police publicly but they haven't brought a theft charge against him confirming it is a false claim.
They prejudiced his trial.
So what they need to do at this point is get back within the limits of the law, and stop propagandizing. The police have no place in society as a political campaign group.
Also they need to recognize that RIAA now represents less than 30% of music sold, and that 2011 was the biggest year for music sales on record. Copyright infringement is copyright infringement, it's dealt with by copyright laws, not theft laws. The only input they should be seeking on a take down notice is LEGAL input on the LAWS as they stand in the UK. Nothing else.
http://blog.nielsen.com/nielsenwire/consumer/cue-the-music-driven-by-digital-music-sales-up-in-2011/
What will happen now, is those false claims they made will be used in court as evidence of police misrepresentation of evidence.
My guess would be that the authorities may have included such a Javascript in the 'scare page' that is currently replacing the regular site. Regular visitors return to the site by following a bookmark, etc, and while the scare page is open in their browser the Javascript runs.
It would have likely been a part of the initial investigation to either set up a crawler to index the site before it was taken down, or simply pull down the RSS feed of new posts and scrape them for hrefs pointing to mp3s or otherwise. They could thus compile a list of "downloadable" files which had appeared on the blog.
Once the scare page has been put up, they could use the Javascript on the page to fetch lists of these download URLs, insert them into a hidden div on the page, and check each URL's "visited" status in unpatched browsers, sending the results back to the server asynchronously and logging them along with the IP and any other browser stats of the user in question. In this way they could glean data about which files from the site the current user had downloaded.
Now, assuming the above is even close to what happened in reality, I would guess that the site in question has had a large number of hits from curious bystanders (ie the slashdot / HN crowd) since the scare page went up, most of whom would have "clean" download histories as they had never visited the site during its operation. Maybe the people gathering stats have misinterpreted this as "lots of users who cleared their download history" before returning to the site.
Hooray for speculation!
... it's legal, and you end up in jail
When you hack cops' computers, it's illegal, and you end up in jail
Head you lose, tail, you also lose
Muchas Gracias, Señor Edward Snowden !
Write them a letter if you are in the UK even. In fact, it'll probably be more effective.
Personally for me, as a British citizen living in the UK, admittance by a police officer that my PC may have been hacked simply for visiting a site linked in a news article gives me all the justification I feel I need to submit a formal complaint to the IPCC and to my MP.
Whether it has or not, and whether the officer knew what he was on about is neither here nor there, the fact he believes that it's legitimate policing needs to be stamped right out.
If it is an admission by a police officer, then don't write to SOCA, write to the IPCC, who have the power to investigate claims of misconduct by members of SOCA.
I am TheRaven on Soylent News